Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dolibarr dolibarr vulnerabilities and exploits
(subscribe to this query)
435
VMScore
CVE-2019-16197
In htdocs/societe/card.php in Dolibarr 10.0.1, the value of the User-Agent HTTP header is copied into the HTML document as plain text between tags, leading to XSS.
Dolibarr Dolibarr Erp/crm 10.0.1
1 EDB exploit
435
VMScore
CVE-2014-3991
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote malicious users to inject arbitrary web script or HTML via the (1) dol_use_jmobile, (2) dol_optimize_smallscreen, (3) dol_no_mouse_hover, (4) dol_hide_topmenu, (5) dol_hide_leftmenu, (6) ma...
Dolibarr Dolibarr Erp/crm 3.5.3
1 EDB exploit
435
VMScore
CVE-2011-4814
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote malicious users to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) admin/boxes.php, (3) comm/clients.php, (4) commande/index.php; and the optionc...
Dolibarr Dolibarr Erp/crm 2.9.0
Dolibarr Dolibarr Erp/crm 2.8.1
Dolibarr Dolibarr Erp/crm
Dolibarr Dolibarr Erp/crm 2.6.0
Dolibarr Dolibarr Erp/crm 3.0.0
Dolibarr Dolibarr Erp/crm 2.7.1
Dolibarr Dolibarr Erp/crm 2.6.1
Dolibarr Dolibarr Erp/crm 2.5.0
Dolibarr Dolibarr Erp/crm 2.7.0
Dolibarr Dolibarr Erp/crm 2.8.0
Dolibarr Dolibarr Erp/crm 3.0.1
1 EDB exploit
409
VMScore
CVE-2017-8879
Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the current password, which makes it easier for physically proximate malicious users to obtain access via an unattended workstation.
Dolibarr Dolibarr Erp/crm 4.0.4
384
VMScore
CVE-2017-17971
The test_sql_and_script_inject function in htdocs/main.inc.php in Dolibarr ERP/CRM 6.0.4 blocks some event attributes but neither onclick nor onscroll, which allows XSS.
Dolibarr Dolibarr Erp/crm 6.0.4
2 Github repositories
383
VMScore
CVE-2022-30875
Dolibarr 12.0.5 is vulnerable to Cross Site Scripting (XSS) via Sql Error Page.
Dolibarr Dolibarr Erp/crm 12.0.5
383
VMScore
CVE-2021-33618
Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as demonstrated by > and < characters in the onpointermove attribute of a BODY element to the user-management feature.
Dolibarr Dolibarr Erp/crm 13.0.2
383
VMScore
CVE-2020-14475
A reflected cross-site scripting (XSS) vulnerability in Dolibarr 11.0.3 allows remote malicious users to inject arbitrary web script or HTML into public/notice.php (related to transphrase and transkey).
Dolibarr Dolibarr Erp/crm 11.0.3
383
VMScore
CVE-2019-19211
Dolibarr ERP/CRM prior to 10.0.3 has an Insufficient Filtering issue that can lead to user/card.php XSS.
Dolibarr Dolibarr
383
VMScore
CVE-2020-7994
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 10.0.6 allow remote malicious users to inject arbitrary web script or HTML via the (1) label[libelle] parameter to the /htdocs/admin/dict.php?id=3 page; the (2) name[constname] parameter to the /htdocs/admin/const.ph...
Dolibarr Dolibarr Erp/crm 10.0.6
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23692
malicious code
XML injection
CVE-2024-28020
CVE-2024-35252
CVE-2024-5833
CVE-2024-30066
injection
CVE-2024-23282
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »